Allowing ETL access to relational databases on Amazon RDS

This article walks you through the process of allowing ETL direct access to your databases on RDS. If you'd like to use an SSH tunnel, click here to read more.

You can watch this short video that demonstrates setting up a connection to MySQL RDS in VPC or read below for textual instructions.


The security rules are setup with either a VPC or an EC2 instance to provide ETL access to the database IP address and port. 

To verify or modify the security rules of an instance on VPC:

    1. Open the instance in the RDS Dashboard in the Connectivity & Security section of the DB Instance pane.
    2. Verify that Publicly Accessible set to the default value Yes.
    3. Click on the Security Group listed. thumbnail image
    4. In the Security Group screen, select the Inbound tab. Then click Edit inbound rules. thumbnail image
    5. Click Add rule to add the IP addresses listed here. Create a rule for each of the IP addresses:

      In the "Type" dropbox, choose Custom TCP rule.
      In the port range, add the port that your database listens to.
      In the source dropbox select Custom IP and enter one of the IP addresses.

      The default ports for supported databases are:

      MySQL - 3306
      SQL Server - 1433
      PostgreSQL - 5432

    6. Click Save rules. thumbnail image

To configure your database to only accept SSL encrypted connections see for more information.